Tag: ALEXA

Facebook says it has stopped feeding users’ audio chats to human reviewers for transcription, similar to what other Big Tech were recently caught doing. Facebook’s contractors were reportedly kept in the dark about their job.

The company “paused human review more than a week ago,” Facebook said in a statement on Tuesday, adding that the audio being reviewed was from Messenger users who opted in to having their voice chats transcribed to text by AI. The human transcribers were merely checking whether the AI transcriptions were correct, the company said.

Contractors often caught snippets of intimate or “vulgar” chats, though the messages were anonymized, and they were not told why they were transcribing the audio, where it came from or how it was obtained, contractors told Bloomberg. Some said the uncertainty and apparent duplicity – Facebook doesn’t tell users third parties may review their audio – troubled them.

While the company admits it collects “content, communications and other information you provide [when you] message or communicate with others,” there is no mention in its data use policy of humans processing the information. Instead, it’s Facebook’s “systems” that are supposed to “automatically process content and communications you and others provide to analyze context and what’s in them.” Even the list of third parties who might potentially receive users’ information doesn’t explicitly include human transcription teams, only “vendors and service providers who support our business” by “analyzing how our products are used.”

Further adding to contractors’ concerns about eavesdropping on users’ private messages is the fact that Facebook forbids at least one outsourcing firm from referring to them by name. Santa Monica, California-based TaskUs instead refers to one of its largest and most important clients only by the code-name “Prism”– which is, ironically, also the name of the NSA initiative exposed by Edward Snowden that installed backdoors in popular online platforms like Google, Skype, Twitter, and…Facebook.

TaskUs contractors also moderate content for policy violations, screen political ads, and work on “election preparation,” an ominous term Bloomberg opts not to define but which has previously coincided with mass deplatforming of political accounts in the months preceding elections. Facebook’s content-moderation contracting practices were exposed earlier this year after ex-contractors from outsourcing firm Cognizant complained that the work was giving them PTSD, leading them to drown their traumas in drug use and casual sex, and shaking their beliefs in the “official”versions of historical events like 9/11 and the Holocaust. Those employees, too, were forbidden from referring to Facebook by its given name.

Facebook added the AI transcription function to Messenger in 2015 and claims it is switched off by default. Its documentation, however, reveals that only one participant in a chat needs to opt in for the audio to be transcribed.

After similar practices were exposed by Google Assistant, Amazon Alexa, and Apple Siri, all three have promised to end the human eavesdropping – or at least give users the option of avoiding it. Apple has reportedly ended human “grading” of Siri recordings until a future software update gives users the option of participating, while Amazon has added an opt-out setting and Google has promised to suspend human review…in Europe, for at least three months.

The expansion of home tech products to make life increasingly convenient requires consumer privacy sacrifices, the full extent of which won’t be revealed for years to come, but have been hinted at through a slew of missteps.

This past week Amazon hit headlines after its virtual assistant Alexa was caught passively recording couples arguing, having intimate family discussions and even having sex (apparently sex noises can trigger Alexa-activated Echo speakers).

Data is the new dominant commodity of the 21st century and the trade-off of convenience for privacy and security has been highlighted in a plethora of cases involving consumer ‘smart products’ in recent years.

Amazon Echo as murder witness?

Take the November 2015 case of James Bates, who was suspected of the murder of his friend Victor Collins at a house party in his home. Police issued multiple search warrants to Amazon in the landmark case, in an attempt to gain access to the records of Bates’ Echo device.

“I have a problem that a Christmas gift that is supposed to better your life can be used against you,”Bates’s attorney, Kimberly Weber, said at the time. Eventually, Bates himself decided to turn over the data, foregoing his right to privacy in the interest of proving his innocence and clearing his name.

Much like Amazon, Apple has been found surreptitiously recording users’ sexual encounters, drug deals and medical appointments, though more worryingly, these audio recordings were sent to human ‘graders’ for evaluation, according to recent, explosive revelations from a whistleblower.

Apple’s virtual assistant Siri stores users’ identifiable utterances for up to six months, before removing the unique user ID information and storing the clips elsewhere for up to two years – in the interest of improved customer experience, of course.

Google Mini & passive spying

Google’s domestic virtual assistant Google Mini has also been caught passively spying on consumers in their own homes. Worryingly, however, Google employs hundreds of so-called “language experts” to parse snippets of audio, some of which contain embarrassing or sensitive information, to better understand the nuances of human language.

In 2017, writer Artem Russakovskii went to the product’s unveiling at the SFJazz Center in San Francisco. After a couple of days he checked his voice activity log to find thousands of inadvertent entries that should never have been logged; the device had been spying on him 24/7 due to an apparent ‘hardware flaw’, as the company claimed at the time.

Hacking tech teddies

The idea for a teddy bear that allowed parents and children to share affection when long distances apart was good in theory, but ultimately proved terrifying in practice.

Through Cloudpets (and various other interpretations of the idea), children could record short messages for loved ones far away that would be transmitted via bluetooth to a nearby smartphone and beamed across the country or, indeed, the world.

Alas, it didn’t take long before data belonging to some 800,000 customers, totalling roughly two million messages between children and adults, which were stored in an online database, was hacked and held for ransom.

There was no encryption or authentication between the bluetooth devices in the stuffed animals and the smartphone app, meaning unscrupulous actors could invade people’s most heartfelt moments with their children.

Backdoor Barbie

Mattel’s ‘Hello Barbie’ was billed as the world’s first “interactive doll”complete with a microphone that records children and sends the messages to third parties for processing before a response is generated.

However, security researchers quickly discovered that the wifi-connected doll was vulnerable to hacking, and those with the relevant knowhow could access the doll’s system information, account information, stored data including audio files, and the doll’s built-in microphone.

Researcher Matt Jakubowski claimed that it was “just a matter of time until we are able to replace their servers with ours and have her say anything we want.”

But the ghoulish details didn’t stop there; hackers could theoretically take over a home’s wifi network via the doll and gain access to other connected devices such as laptops and phones, allowing them to pilfer a wealth of personal and financial information.

High-tech takeover

White hat hacking work by a team of researchers at China’s Zhejiang University showed how inaudible “commands” could be used to remotely trigger a potential victim’s smart device. The team used various clever strategies, including playing frequencies above 20kHz as the victim was recording, rendering the inaudible frequency as a trigger to access the device.

The researchers managed to hack the voice interfaces of Amazon, Apple, Google, Microsoft and Samsung devices and command them to, for example, visit specific malicious websites or even send emails and text messages all while dimming the screen and lowering the device volume to conceal the attack, leaving the victim completely unaware.

The team even managed to remotely place phone and video calls to listen in and observe the victim’s surroundings. They infamously also managed to hack the navigation system of an Audi SUV.